If opaque information is given by the user as part of the URL (i.e., `GET /foo?bar=1`), then include this opaque information in the redirection string.

Previously, opaque information was dropped and only the resource was used.  This is problematic in cases where the opaque information contains important authorization details (think: signed URLs).

Additionally, the TPC handler is updated to perform correctly in this situation.

With this PR, if `http.header2cgi Authorization authz` is set in the configuration, the token will be moved from the headers to the opaque information _and_ now included in the redirect.  Thus, clients which drop the `Authorization:` header upon redirect (this includes the latest versions of `curl`!) will now work by default with an Xrootd cluster.

Fixes behavior observed in the WLCG DOMA testing.

You can view, comment on, or merge this pull request online at:

  https://github.com/xrootd/xrootd/pull/970

-- Commit Summary --

  * Redirect clients based on the full URL, not just the resource.
  * Make full resource plus opaque info available to plugin handler.
  * Have TPC redirect based on the full URL.

-- File Changes --

    M src/XrdHttp/XrdHttpExtHandler.cc (1)
    M src/XrdHttp/XrdHttpReq.cc (38)
    M src/XrdTpc/XrdTpcTPC.cc (19)
    M src/XrdTpc/XrdTpcTPC.hh (2)

-- Patch Links --

https://github.com/xrootd/xrootd/pull/970.patch
https://github.com/xrootd/xrootd/pull/970.diff

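The redirect behaviour this pull request describes, as an added C++ sketch that is not XRootD's code and not part of the original message. `Request`, `pct_encode`, `header2cgi` and `redirect_location` are hypothetical names, the host and token are constructed sample values, and percent-encoding of the token is an assumption.

```cpp
// Added illustration, not XRootD source. All names here are hypothetical.
#include <cctype>
#include <cstdio>
#include <map>
#include <string>

struct Request {
    std::string resource;                        // e.g. "/foo"
    std::string opaque;                          // e.g. "bar=1" (text after '?')
    std::map<std::string, std::string> headers;  // request headers
};

// Percent-encode everything outside the RFC 3986 unreserved set (assumed encoding).
std::string pct_encode(const std::string &in) {
    std::string out;
    char buf[4];
    for (unsigned char c : in) {
        bool unreserved = std::isalnum(c) || c == '-' || c == '.' || c == '_' || c == '~';
        if (unreserved) { out += static_cast<char>(c); continue; }
        std::snprintf(buf, sizeof buf, "%%%02X", c);
        out += buf;
    }
    return out;
}

// Model of "http.header2cgi <header> <key>": move the header value into the
// opaque info as key=value (exact-case header match here, for brevity).
void header2cgi(Request &req, const std::string &header, const std::string &key) {
    auto it = req.headers.find(header);
    if (it == req.headers.end()) return;
    if (!req.opaque.empty()) req.opaque += '&';
    req.opaque += key + "=" + pct_encode(it->second);
    req.headers.erase(it);
}

// Build the Location value. full_url=false models the earlier behaviour
// (resource only); full_url=true models the behaviour the PR describes.
std::string redirect_location(const std::string &host, const Request &req, bool full_url) {
    std::string loc = "http://" + host + req.resource;
    if (full_url && !req.opaque.empty()) loc += "?" + req.opaque;
    return loc;
}

int main() {
    Request r{"/foo", "bar=1", {{"Authorization", "Bearer abc.def"}}};  // constructed sample
    header2cgi(r, "Authorization", "authz");
    std::printf("old: %s\n", redirect_location("data1.example.org:1094", r, false).c_str());
    std::printf("new: %s\n", redirect_location("data1.example.org:1094", r, true).c_str());
}
```

With the token carried in the opaque info, the redirect URL is itself a credential, so anything that records full URLs should be handled with that in mind.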